Data Protection Officer at Jubilee Insurance

Role Purpose

The purpose of this role is to establish, implement and enforce a robust Data Protection and compliance framework and systems (policies, processes, and tools) to ensure that Jubilee Health Insurance Limited (JHIL)is compliant with the Kenya Data Protection Act and Regulations.

Main Responsibilities
Operational

• Establishing the Data Protection Act Governance, regulatory framework and implementation plan which shall include development of the various required statements and policies.
• Guiding JHIL, their departments, and all support functions on implementation of Data Protection Act 2019 requirements and supporting them to ensure compliance with the Act.
• Regularly training of all internal stakeholders involved in data collection/processing, updating the training as well as conducting specific trainings for specific processing requirements.
• Conducting audits to ensure compliance, accountability and address potential issues proactively.
• Serving as the Data Protection Officer and point of contact between JHIL, the Data Commissioner and other Regulatory Authorities and co-operating with them during inspections by answering any complaints or queries raised with regards to Data Protection.
• Monitoring performance and adherence to the requirements of the regulation while providing advice on the data protection impact assessment.
• Creating and maintaining a register on comprehensive records of all data processing activities conducted by the company, including the purposes of all processing activities, which must be made public on request.
• Interfacing with data controllers, data processors and data subjects to inform them about the use of data, the data protection rights, obligations, responsibilities, measures the companies and support functions have put in place to protect personal and/or sensitive information and raise awareness on all the above.
• Advising and recommending to the institutions/support functions and their employees on the interpretation and/or application of the Data Protection Act or any other written law on data privacy.
• Handling queries or complaints internally or externally regarding data confidentiality and use.
• Providing status updates to the Head of Compliance, Senior and Middle Management on a regular basis (at least monthly) and drawing immediate attention to any failure to comply with the applicable data protection requirements.
• Data Protection Regulations: Developing together with the business and support functions, carrying out impact assessments, data protection policies, guidelines, and processes to ensure that compliance is consistent and in line with the Data Protection Act.
• Creating an Information Base: Guide and support on the creation of an information based on Data Protection and any other elements which may be helpful to the controllers and the staff of the organization.
• Relationship Building: Build a stable professional relationship with data controllers providing advice where necessary and investing time and efforts in showing the benefits of data protection compliance.
• Support the business in preparation of digital and other privacy statements as may be required for the institutions and supporting functions and ensure processes are put in place for the institutions/support functions to collect consents from the relevant data subjects and partners, have relevant privacy statements provided on all company forms and/or literature, websites and other communication or data collection mediums.
• Preparing an annual work program at the beginning of each year for the upcoming year for the sign off by the institution.
• Networking with other Data Protection Officers to share information and keep up with information and emerging trends around data protection as well as following up on change in laws and make recommendations on changes required.

Key Competencies

• Expertise in data protection law and practice
• A complete understanding of the company’s IT infrastructure, technology, technical and organizational structure.
• Experience and knowledge of the organization’s data processing operations and the level of data protection required for what is processed.
• Should be both reliable and independent, with no prior commitments that would interfere with the monitoring responsibilities of the Data Protection Officer.
• Should have excellent management skills and be able to interface easily with both internal staff at all levels and outside authorities.
• Personal skills: integrity, initiative, organization, perseverance, discretion, ability to assert himself/herself in difficult circumstances, interest in data protection and motivation to be a Data Protection Officer.
• Interpersonal skills: Communication, Negotiation, Conflict Resolution and Ability to build working relationships.

 Qualifications

• Bachelor of Laws or any other related field
• Para Legal Diploma from the Kenya School of Law
• Privacy Professional Certifications provided by the International Association of Privacy Professionals (IAPP) such as Certified Information Privacy Professional (CIPP), Certified Information Privacy Professional/Information Technology (CIPP/IT).

 Relevant Experience

• Minimum of 3 years’ experience working in a mid-management level in a compliance/audits environment within the financial services industry preferably in the insurance or banking industry.